According to a recent article, NCR reported the issue this past weekend, which impacted its Aloha restaurant point-of-sale product (POS).
In a press release, the U.S. payments titan reported that on April 13, a single data center outage was the result of a cyber ransomware attack. As NCR worked to resolve the issue, the company contacted customers, executed its cybersecurity protocol, and reached out to experts in the matter to restrain and to initiate recovery operations.
The group that is heading an investigation on the attack includes external forensic cybersecurity experts, NCR experts, and federal law enforcement.
According to NCR, the investigation that has been currently conducted concluded that none of their ATM, digital banking payments, or retail products are processed in this specific, data center location. Furthermore, no customer systems or networks were targeted.
The Impact of Ransomware
Ransomware that takes place on POS platforms can negatively impact companies within the hospitality industry, according to the latest research by computer and network security firm Claroty’s CRO Simon Chassar:
“Our research shows that 51% of the food and beverage sector reported substantial disruption when hit by a ransomware attack in 2021. Moreover, these attacks can cause significant financial losses for organizations, with more than a third stating that the revenue impact of operational disruption would be at least one million dollars per hour.”
Chassar goes on to predict that as the hospitality industry continues to implement cyber-physical systems (CPS), they will only be exposing themselves to more cyber attacks and susceptibilities. Cyber-physical systems are systems that integrate both computer and physical elements such as hardware, software, networks, and computer to carry out a function.
As organizations across various industries continue to grapple with these types of cyber threats, the solution lies in determining where the vulnerability lies.
“Businesses must have visibility across their entire network for all assets connected to understand their risk posture and provide patches to critical assets such as operational technology (OT) and IoT devices,” Chassar said. “It is also essential to segment their networks to restrict unnecessary connectivity and the movement of malware to mitigate the impact of cyberattacks.”